User-Friendly Security Solutions for Grid Environments

Funded by:

This EPSRC-funded project runs for three years, from 2006 to 2009. It aims to provide lightweight and usable security solutions for computational grid environments. In this context, we use the term "lightweight" to mean that the solution is easy to deploy in a scalable fashion, is easy to maintain, and is not overly complex for the administrator or users to understand and use. We use the term "usable" to mean that the user (subjectively) feels that the software has successfully fulfilled their requirements for that software -- this includes considerations such as ease of use, the gradient of the learning curve, the extent to which the software supports the user's model of how it should be used, etc.

To access the private pages for this project please click here


Problem statement

  1. The security infrastructure currently deployed in most grid environments tends to be extremely complex. It is difficult to set up, expensive to maintain and not very scalable. The learning curve for end users and administrators is very steep, which seriously hinders wide adoption of grid technologies.

  2. Currently, the main focus of the most widely deployed security solutions for grid environments is authentication (and related issues such as encrypting and ensuring the integrity of protocol messages). Authorisation requirements tend not to be well addressed, and auditing considerations are rarely, if ever, taken into account. Similarly, more complex security issues, such as those that arise in the biomedical domain (e.g. trust, confidentiality, privacy, all of which may arise in the context of secure access of medical datasets) have yet to be adequately addressed.

  3. Well-understood formal security models of grid environments are still lacking. The security of many grid systems is undermined by invalid trust assumptions and ignorance of usability issues. There may also be flaws in the underlying protocols.

Objectives

Methodology

The aim of this project is to develop usable software that addresses the authentication and authorisation concerns of the RealityGrid Project, and, in so doing, it will actively investigate usability issues and user security requirements of the grid environments used by that project. The software development activities will be complemented by formal validation and analysis of the software developed and its associated security model. The software development team will work in close conjunction with the developers of the lightweight middleware used by the RealityGrid Project to ensure that the project's software can be readily integrated with the appropriate lightweight middleware.

A user-centred design methodology will be employed to ensure that the concerns of the stakeholders in the RealityGrid Project are central to the software development of this proposal throughout the development cycle. This will be complemented by frequent user trials of both prototypes and developed software throughout the project's development cycle. This will ensure that any software produced does not replicate the failings of so much of the current grid middleware of being too general to be of much use to any specific group. To analyse the security models, and to model the grid environment appropriately for the research objectives above, formal methods will be used.

Project team

People Affiliation Role
Prof P.V. Coveney Centre for Computational Science, Department of Chemistry, University College London Principal Investigator
Prof P.Y.A. Ryan School of Computing Science, Newcastle University Co-Investigator
B. Beckles Computing Service, University of Cambridge Co-Investigator
Dr A.E. Abdallah Institute for Computing Research, Faculty of Business, Computing and Information Management, London South Bank University Co-Investigator
Dr S.M. Pickles Manchester Computing, University of Manchester Co-Investigator
Dr J.M. Brooke Manchester Computing, University of Manchester Co-Investigator
Dr F. Hao Centre for Computational Science, Department of Chemistry, University College London Software developer
Dr J. Bryans School of Computing Science, Newcastle University Security analyst
L. Fazendeiro Centre for Computational Science, Department of Chemistry, University College London PhD student

References

  1. B. Beckles, P.V. Coveney, P.Y.A. Ryan, A.E. Abdallah, S.M. Pickles, J.M. Brooke, and M. McKeown, "A user-friendly approach to computational grid security", Proceedings of the UK e-Science All Hands Meeting 2006. [Paper] [Presentation]
  2. P.V. Coveney, R.S. Saksena, S.J. Zasada, M. McKeown and S. Pickles, "The application hosting environment: Lightweight middleware for grid-based computational science", Computer Physics Communications, Vol. 176, No. 6, pp. 406-418, March 2007. [Paper]
  3. B. Beckles, "Re-factoring grid computing for usability", Proceedings of the UK e-Science All Hands Meeting 2005. [Paper]
  4. B. Beckles, V. Welch, J. Basney, "Mechanisms for increasing the usability of grid security", Int. J. Human-Computer Studies, Vol. 63, No. 1-2, pp. 74-101, July 2005. [Paper]
  5. P.V. Coveney, J. Vicary, J. Chin and M. Harvey, "WEDS: a Web services-based environment for distributed simulation", Phil. Trans. R. Soc. A, Vol. 363, No. 1833, pp. 1807-1816, August 2005. [Paper]
  6. B. Beckles, "Removing digital certificates from the end-user's experience of grid environments", Proceedings of the UK e-Science All Hands Meeting 2004. [Paper]
  7. J. Chin, P.V. Coveney, "Towards tractable toolkits for the Grid: a plea for lightweight, usable middleware.", UK e-Science Technical Report Number UKeS-2004-01. [Technical report]